In association with heise online

05 October 2011, 16:27

VMware patches buffer overflow in legacy products

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Virtualisation specialist VMware has warned of a vulnerability (CVE-2011-3868) that could allow attackers to execute arbitrary code. The vulnerability lies in the way UDF filesystems are handled within VMware's Workstation, Player, and Fusion applications, and could be exploited by an attacker to execute code should a user install software from a specially crafted malicious ISO image. The problem was discovered by an anonymous person via the SecuriTeam Secure Disclosure program, and is believed to be present on all host operating systems.

VMware versions up to and including Workstation 7.1.4, Player 3.1.4, and Fusion 3.1.2 are affected; other products are not vulnerable. Updated releases of all three products have been made available, and should be downloaded by affected users. Further details are available in VMware's Security Advisory.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit